
Answer-first summary for fast verification
Answer: Configure Amazon GuardDuty to monitor and report findings to AWS Security Hub.
## Explanation

**Amazon GuardDuty** is the correct solution because:

1. **Continuous monitoring for malicious activity**: GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts, workloads, and S3 data access patterns.
2. **Comprehensive threat detection**: GuardDuty analyzes:
   - AWS CloudTrail logs for suspicious API calls
   - VPC Flow Logs for unusual network traffic
   - DNS logs for compromised instances
   - S3 data events for suspicious access patterns
3. **Integration with AWS Security Hub**: GuardDuty can send findings to AWS Security Hub, which provides a centralized dashboard for viewing security findings from multiple AWS security services.
4. **S3 bucket monitoring**: GuardDuty specifically monitors S3 data events for suspicious access patterns, which addresses the requirement to monitor access patterns to the S3 bucket.

**Why the other options are incorrect**:

- **A. Amazon Macie**: Macie is focused on data security and privacy, specifically for discovering and protecting sensitive data in S3. While it can detect unusual access patterns, it doesn't provide comprehensive monitoring of AWS account workloads and malicious activity across the entire infrastructure.
- **B. Amazon Inspector**: Inspector is an automated vulnerability management service that assesses applications for exposure, vulnerabilities, and deviations from best practices. It doesn't continuously monitor for malicious activity or suspicious access patterns to S3 buckets.
- **D. AWS Config**: Config is a service for assessing, auditing, and evaluating AWS resource configurations for compliance. While it can track configuration changes, it doesn't monitor for malicious activity or suspicious access patterns in real-time.

**Key AWS Services**:

- **Amazon GuardDuty**: Intelligent threat detection
- **AWS Security Hub**: Centralized security dashboard
- **Amazon Macie**: Data security and privacy
- **Amazon Inspector**: Vulnerability assessment
- **AWS Config**: Configuration compliance

Author: LeetQuiz Editorial Team
A company has deployed its newest product on AWS. The product runs in an Auto Scaling group behind a Network Load Balancer. The company stores the product's objects in an Amazon S3 bucket.
The company recently experienced malicious attacks against its systems. The company needs a solution that continuously monitors for malicious activity in the AWS account, workloads, and access patterns to the S3 bucket. The solution must also report suspicious activity and display the information on a dashboard.
Which solution will meet these requirements?
A. Configure Amazon Macie to monitor and report findings to AWS Config.
B. Configure Amazon Inspector to monitor and report findings to AWS CloudTrail.
C. Configure Amazon GuardDuty to monitor and report findings to AWS Security Hub.
D. Configure AWS Config to monitor and report findings to Amazon EventBridge.